Configuring a KUMA collector for receiving and processing Postfix events

To configure a KUMA collector for receiving Postfix events:

1. Import the [OOTB] Postfix package from the KUMA repository. The package is available for KUMA 3.0 and newer versions.
2. Create a new collector, and in the Collector Installation Wizard, configure the following:
   1. At the Transport step, in the Type field, select the tcp type, and in the URL field, specify the FQDN or IP address and port of the collector.
   2. At the Event parsing step, click Add event parsing, and in the displayed Basic event parsing window, in the Normalizer drop-down list, select the [OOTB] Postfix syslog normalizer.
   3. At the Event aggregation step, click Add aggregation rule, and in the displayed Event aggregation window, in the Aggregation rule drop-down list, select [OOTB] Postfix. Aggregation rule.
   4. At the Routing step, click Add and in the displayed Create destination window, create three destination points one by one—the same collector with the name Loop, a storage, and a correlator.
      1. Create a destination named Loop with the following parameters.
         • On the Basic settings tab, in the Type drop-down list, select the tcp transport type; in the URL field, specify the FQDN or IP address and port of the collector that you specified before at step 2.1 of these instructions.
         • On the Advanced settings tab, in the Filter drop-down list, select the Postfix. Filter for event aggregation filter.

           This configuration is necessary to send the aggregated event to the same collector for subsequent normalization.

      2. Create a correlator destination:
      3. On the Basic settings tab, in the Type drop-down list, select correlator and fill in the URL field.
      4. On the Advanced settings tab, in the Filter drop-down list, select the Postfix. Aggregated events to storage and correlator filter.
      5. Create a storage destination:
      • On the Basic settings tab, in the Type drop-down list, select storage and fill in the URL field.
      • On the Advanced settings tab, in the Filter drop-down list, select the Postfix. Aggregated events to storage and correlator filter.

        This configuration is necessary to send the aggregated normalized event to storage and the correlator.

3. Click the Create button.

   The collector service is created with the settings specified in the KUMA web interface. The command for installing the service on the server is displayed.

4. Copy the collector installation command and run it on the relevant server.

The collector is configured to receive and process Postfix events.